Splunk Admin Job at Tata Consultancy Services, Jersey City, NJ

  • Tata Consultancy Services
  • Jersey City, NJ

Job Description

Splunk Admin

• Onboard data sources through various methods (UF, HF, Syslog, Splunk TA, HEC, FTP(S), CSV, DB Connect, etc.)

• Experience working with the Splunk Common Information Model

• Skillful at parsing fields from unstructured logs (without the need for Splunk Apps)

• Administration of Splunk Enterprise Security and Splunk ES Essentials.

• Maintain Data Models and base saved searches.

• Recommend and develop on-demand dashboards, rules, alerts, and reports using Splunk SIEM

• Manage and support the parsing of fields from unstructured logs

• Administration and support for Splunk cluster environment

• Assist in developing use cases to fulfill gaps that may be identified using several security tools

• Be able to communicate findings or new rule logic on a technical and logical level to teams and leadership

• Should comprehend and understand a problem and assist in developing potential corrective actions.

• Architectural knowledge of Splunk configurations and experience in onboarding large datasets from in-house and cloud data sources.
